On Mon, Feb 16, 2009, Maxim Masiutin wrote: > Hello All, > > I'm trying to use Diffie-Hellman implementation from OpenSSL 0.9.8j to > implement this algorithm for X.509 certificate to be used for S/MIME in > The Bat! email client (www.ritlabs.com) > > Unfortunately, OpenSSL only generates p and g parameters, without setting > q and j. Eric Young wrote a comment in crypto\dh\dh.h that these values > are "Place holders if we want to do X9.42 DH". Now I _want_ to do X9.42 > ;-) but not qualified enough to implement the necessary changes by > myself. > > I would be greatful for an update to OpenSSL to fully support q (and maybe > j), this should not be very complex for a person who knows this topic. > > Thank you very much in advance! >
I added the comment. I can't see why anyone would want to use X9.42 DH these days. I have never seen a single X9.42 DH certificate in active use, only in a very small number of test vectors. Those test vectors were clearly broken and despite reporting them often no one seemed all that interested. That was before the RSA patent expired when it was seen as a patent free alternative. The conclusion is: don't bother use RSA like everyone else. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
